----BEGIN CLASS----
[17:36] <sayan> #startclass
[17:36] <sayan> Roll Call
[17:36] <ritik5049_> Ritik Raushan
[17:36] <swiftkiller> sparsh
[17:36] <iinternaut> vibhor
[17:36] <mrinalraj_> Mrinal Raj
[17:36] <Matorix> Abhay Kaushik
[17:36] <aniruddhab> Aniruddha Basak
[17:36] <abhinits2046> Abhishek kumar
[17:36] <hellozee> Kuntal Majumder
[17:36] <kanay> Kanay bhandari
[17:36] <django_master> Kurian Benoy
[17:36] <j605> Jagannathan Tiruvallur Eachambadi
[17:37] <gargantua_kerr[m> Nilesh Patra
[17:37] <gandalfdwite> Pravar Agrawal
[17:37] <sidntrivedi> Siddhant N Trivedi
[17:37] <knownymous_> Ankur
[17:37] <katek_warren> kumar Prateek
[17:37] <prit28> Pritam
[17:37] <raydeeam> Rayan Das
[17:38] <sayan> We have a good number of students today
[17:38] <siddharthvipul> \o/
[17:39] <BhaveshSGupta> Bhavesh Gupta
[17:39] <sayan> everyone read the link I gave yesterday?
[17:39] <siddharthvipul> Yes :)
[17:40] <django_master> yes
[17:40] <raydeeam> yes
[17:40] <swiftkiller> yes
[17:40] <gandalfdwite> I couldn't finish full rfc
[17:40] <ritik5049_> not completed yet.
[17:40] <iinternaut> not completed
[17:40] <aniruddhab> Not completed yet
[17:40] <katek_warren> not completed yet
[17:40] <mrinalraj_> not completed
[17:40] <gargantua_kerr[m> Not fully yet
[17:41] <knownymous_> Not completely read
[17:41] <sayan> Okay
[17:41] <abhinits2046> not completed yet
[17:41] <sayan> No problem :)
[17:41] <django_master> Not completed
[17:41] <sayan> Any questions from yesterday's class other than architecture/how how it works question?
[17:42] <django_master> !
[17:42] <katek_warren> !
[17:42] <BhaveshSGupta> !
[17:42] <sayan> next
[17:43] <django_master> Main applications of SSH in the current world other than getting into other computers?
[17:43] <iinternaut> !
[17:43] <sayan> that's the only one I know
[17:44] <sayan> At the end, SSH is a protocol that establishes a secure connection between a client and a server computer
[17:44] <sayan> on top of that we have a bunch of applications made
[17:45] <sayan> a good example would ansible
[17:45] <sayan> next
[17:45] <siddharthvipul> what other job a tunnel will have other than letting things pass through :) pretty much
[17:45] <katek_warren> Does ssh only works for networking or we can secure file/data sharing too??
[17:46] <sayan> katek_warren: yes, scp, rsync uses the ssh protocol for sharing files from one server to another
[17:46] <sayan> next
[17:46] <BhaveshSGupta> if we create different ssh key-pair for each account then do we need to create different ssh key-pair for each devices. For example your pc , laptop, office laptop?
[17:46] <sayan> BhaveshSGupta: ideally yes
[17:47] <django_master> !
[17:47] <sayan> next
[17:47] <BhaveshSGupta> okay, <eof>
[17:47] <iinternaut> question asked already <EOM>
[17:47] <sayan> next
[17:47] <django_master> sayan: you told for different accounts create different ssh-keys? Should I do for all email-ids corresponding to ssh-keys?
[17:48] <sayan> someone else wants to answer this question? ^^
[17:49] <sayan> no one?
[17:49] <BhaveshSGupta> Nope only the you require
[17:50] <j605> my ssh keys don't even have the real email, just username@host default. That is just an identifier so don't worry about it
[17:50] <sayan> email is just a label
[17:50] <sayan> to identify
[17:50] <sayan> as I told yesterday
[17:51] <sayan> I can have something like github@localhost
[17:51] <siddharthvipul> *.*
[17:51] <BhaveshSGupta> !
[17:51] <sayan> In the long run I can distinguish these keys
[17:52] <sayan> django_master: it all depends on your choice
[17:52] <sayan> next
[17:52] <BhaveshSGupta> what would be good pratice then to use or not to use email id's?
[17:53] <sayan> BhaveshSGupta: your choice
[17:53] <sayan> let me give you an example:
[17:53] <sayan> Suppose I've a Digital Ocean account which is associated with a single email id
[17:54] <sayan> but I spawn up multiple servers through that account
[17:54] <sayan> each of those servers can have a different ssh key
[17:55] <sayan> like in my case one can host blog, other can be weechat, other znc
[17:55] <sayan> since emails are used as labels
[17:55] <sayan> I can use blog@doboxes, znc@doboxes, weechat@doboxes
[17:56] <sayan> Was that clear enough?
[17:56] <BhaveshSGupta> Yes,
[17:56] <aniruddhab> yes
[17:56] <django_master> yes
[17:56] <BhaveshSGupta> <eom>
[17:56] <sidntrivedi> yes
[17:56] <sayan> servers are nothing but rented remote computers
[17:56] <sayan> :)
[17:56] <aniruddhab> sayan, what you generally do about file name?
[17:57] <aniruddhab> while generating keys
[17:57] <sayan> aniruddhab: use ! first :)
[17:57] <aniruddhab> ok forgot sorry
[17:57] <BhaveshSGupta> aniruddhab use ! To get in queue and ask when batul ask you
[17:57] <sayan> next
[17:57] <aniruddhab> !
[17:58] <sayan> next
[17:58] <aniruddhab> sayan, what you generally do about file name?
[17:58] <aniruddhab> while generating keys
[17:58] <sayan> I use filenames like znc_do, blog_do etc
[17:58] <aniruddhab> ok
[17:59] <sayan> moving ahead
[17:59] <sayan> so, you know that ssh is a safe way to administer and access remote machines
[18:00] <sayan> ssh uses cryptography to establish the connection, authenticate between two parties, and once it's done you can pass commands
[18:01] <sayan> or rathe a shell opens up for you and you can execute the commands
[18:01] <sayan> so before that I will talk of symmetric encryption, asymmetric encryption and hashing
[18:02] <sayan> (these are really difficult topics to explain in simple words but I will try.)
[18:02] <katek_warren> !
[18:02] <sayan> (if there are question and if they divert the class a lot, i will move them to ask after class)
[18:02] <sayan> next
[18:03] <katek_warren> you said about establishing connection and executing commands but can the connection distinguish b/w who can execute command among the two or both can execute
[18:04] <sayan> so the ssh follows a client server model
[18:04] <sayan> one is the client and other is the server
[18:04] <sayan> client executes the command on the server
[18:05] <sayan> * symmetric encryption *
[18:05] <katek_warren> <EOM>
[18:06] <sayan> In symmetric encryption, one key is used between both the client and the server the encrypt the messages
[18:07] <sayan> and also uses the same key to decrypt the messages
[18:07] <sayan> anyone who holds that "one key" can decrypt the messages
[18:09] <sayan> in this type of encryption, the key is called "shared key", "secret key", and few even call "session key" (why session key, I have no clue)
[18:10] <sayan> when this key is built the client and server both contribute towards building the key
[18:10] <sayan> and no one other than these participating machines know about the key
[18:10] <gargantua_kerr[m> !
[18:10] <raydeeam> !
[18:10] <sayan> the process to generate the secret key is known as key exchange algorithm
[18:11] <sayan> # task for the session: learn what is key exchange algorithk
[18:11] <sayan> s/algorithk/algorithm
[18:12] <sayan> but as core you need to know that the client and server contribute towards establishing this key and resulting secret is not known to other parties
[18:12] <zarnigma> read about deffie-hellman key exchange algorithm in a blog
[18:13] <sayan> next
[18:13] <gargantua_kerr[m> who is chosen as the client and who is chosen as the server in case of symmetric encryption?
[18:14] <gargantua_kerr[m> How is it chosen? <eom>
[18:15] <sayan> suppose gargantua_kerr[m you need to buy a candy whose cost is 10 USD
[18:15] <sayan> and you are two friends who went to the shop to buy the candy
[18:16] <sayan> so one friend contribute 5, and you contribute the other 5
[18:16] <sayan> The same thing happens when generating the key, both contribute equally
[18:17] <sayan> but if we think from a user perspective, if you use a remote machine, you would be the client, and the machine you are accessing is the server
[18:17] <sayan> next
[18:17] <raydeeam> In symmetric encryption the key can be private or public? or only public?
[18:17] <sayan> raydeeam: what do you think?
[18:18] <raydeeam> private i think
[18:18] <sayan> why not public?
[18:19] <raydeeam> only i can access the private key
[18:19] <zarnigma> !
[18:19] <zarnigma> may I?
[18:19] <sayan> next
[18:19] <sayan> go ahead
[18:19] <zarnigma> single key if made public is like a leaked password . anyone can decrypt the information
[18:20] <gandalfdwite> !
[18:20] <zarnigma> in symmetric encryption we use the same key to encrypt as well decrypt the data. That is why it has to be private
[18:20] <sayan> exactly, you encrypt put in a password to your safe, and then go ahead and distribute the password to the public
[18:20] <sayan> anyone now can open the sage
[18:20] <sayan> s/sage/safe
[18:20] <sayan> next
[18:20] <gandalfdwite> The key which is created in symmetric encryption, does it hold validity for a certain period of time?
[18:21] <sayan> gandalfdwite: good question, I'm not sure maybe we can search later
[18:21] <gandalfdwite> okay, sayan
[18:22] <sayan> but what I think is they shared key is valid for the duration of the connection
[18:22] <gandalfdwite> okay, I'll search more on it then.
[18:22] <sayan> thanks!
[18:22] <sayan> going ahead
[18:23] <sayan> * asymmetric encryption *
[18:23] <sayan> in asymmetric encryption, for sending data in one direction two keys are needed
[18:23] <sayan> one is known as the private key
[18:24] <sayan> the other as the public key
[18:24] <sayan> the public key can be freely shared to public
[18:24] <sayan> can someone give an instance when did we share the public key?
[18:24] <iinternaut> !
[18:24] <sayan> next
[18:24] <django_master> github account
[18:25] <iinternaut> yesterday, for GitHub ssh auth
[18:25] <sayan> Yes
[18:26] <sayan> the public and private key are paired keys, but the private key in no manner can be derived from public key
[18:26] <sayan> basically private key is private, and should remain private
[18:27] <sayan> if a message needs to be encrypted then you use the receiver's public key and it can only be decrypted by receivers private key
[18:27] <nightwarrior-xxx> !
[18:27] <sayan> suppose zarnigma and iinternaut are working on this very classified project, each of them have a a private-public key pair
[18:28] <sayan> and now zarnigma wants to send their app admin password to iinternaut
[18:28] <sayan> so zarnigma would encrypt it with iinternaut public key and send the encrypted message to iinternaut
[18:28] <sayan> and then iinternaut would decrypt the message with the private key
[18:29] <sayan> any questions till here?
[18:29] <iinternaut> nope
[18:29] <swiftkiller> !
[18:30] <zarnigma> !
[18:30] <raydeeam> !
[18:30] <nightwarrior-xxx> sayan: Nope
[18:30] <sayan> next
[18:30] <ritik5049_> !
[18:31] <sayan> next
[18:31] <swiftkiller> so basically public key can only be used to decrypt, and private can do both encrypt and decrypt
[18:31] <swiftkiller> ?
[18:31] <sayan> nope
[18:31] <sayan> public key is only for encrypt and private is only for decrypt
[18:31] <gargantua_kerr[m> !
[18:32] <swiftkiller> okay gotcha thanks
[18:33] <sayan> next
[18:33] <zarnigma> these private-public keys are related to each other, however they cannot be derived from each other . How is that maintained? How public-private key pairs are decided?
[18:34] <sayan> zarnigma: Mathematics does that, but my maths foo is not that strong
[18:34] <sayan> may be we all can sit someday and try to understand
[18:34] <zarnigma> okay will google it... it is done in the client side right? like we generated pair of keys yesterday
[18:35] <zarnigma> or are there any cases where server has a role to generate those key pairs?
[18:35] <sayan> there is a algorithm, called RSA algorithm
[18:36] <sayan> in RSA algorithm, you take two very large prime numbers, P & Q
[18:37] <sayan> and then you few operations like multiplication to find public key
[18:37] <sayan> (and then bunch of other operations happen which I really don't recall)
[18:38] <sayan> anyways you can search easily on the internet
[18:38] <zarnigma> sure will do that. Thanks
[18:38] <sayan> goinext
[18:38] <sayan> next
[18:38] <raydeeam> zarnigma can encrypt it with iinternaut public key. but while decrypting it iinternut need the private key. It's the inbuilt mechanism? like who's public key i used to encrypt the file only his private key can decrypt the file right?
[18:39] <sayan> raydeeam: yes
[18:39] <sayan> no other private key would work
[18:39] <raydeeam> okay <EOM>
[18:40] <sayan> raydeeam: also be try to be gender neutral in your sentences
[18:40] <sayan> next
[18:40] <ritik5049_> got the answer <EOM>
[18:40] <raydeeam> yeah sorry for that.
[18:40] <sayan> next
[18:41] <gargantua_kerr[m> Suppose I send a  message to my friend's machine in asymmetric encryption. So the private keys of my friends will be required to decrypt the message. Is the information stored somewhere in the message about my friends private key? Since the public key is used to encrpyt the message, how does it know which key decrpyts it?
[18:41] <sayan> because public-private is a pair
[18:42] <sayan> the public key you use, the private key of that pair can only encrypt it
[18:43] <sayan> next
[18:43] <gargantua_kerr[m> sayan: does public key pair up with both the private keys?
[18:43] <sayan> what do you mean by both private keys?
[18:43] <sayan> there is only one private key
[18:45] <gargantua_kerr[m> sayan: The two people who are communicating will have their own private key, right?
[18:45] <raydeeam> !
[18:45] <raydeeam> i can give the ans
[18:45] <aniruddhab> !
[18:45] <sayan> raydeeam: sure go ahead
[18:45] <sayan> next
[18:46] <raydeeam> like i want to send sayan a file. i'll use sayan's public key to encrypt it
[18:46] <aniruddhab> the public key know about private key that's why github auth asking for private key password while testing. right?
[18:46] <raydeeam> and sayan will decrypt the file using his private key
[18:46] <aniruddhab> after giving the public key to the github
[18:47] <raydeeam> sayan: am i right?
[18:47] <sayan> raydeeam: yes
[18:47] <sayan> gargantua_kerr[m: did you understand the raydeeam's example
[18:48] <gargantua_kerr[m> Yes. Thanks raydeeam !
[18:48] <sayan> next
[18:48] <aniruddhab> the public key know about private key that's why github auth asking for private key password while testing. right?
[18:48] <aniruddhab> after giving the public key to the github
[18:48] <sayan> Github never asks for any password
[18:49] <mrinalraj_> gargantua_kerr[m question is far more deep raydeeam, If the keys are different then how it gets decrypted?
[18:49] <sayan> I guess I will take another class to explain how these things interact
[18:50] <sayan> aniruddhab: but to answer your question
[18:50] <sayan> github intializes the process, it's your local machine itself which asks for your password to decrypt the message github sent
[18:51] <zarnigma> aniruddhab must be talking about paraphrase github asks while testing the connection
[18:51] <raydeeam> mrinalraj_: gargantua_kerr[m: different in the sense? sayan's private-public keys will be different. my private public keys will be different
[18:51] <sayan> zarnigma: I'm talking of the same, that passphrase is the password to your open the private key
[18:52] <aniruddhab> sayan, ok understood
[18:52] <aniruddhab> zarnigma, yes
[18:52] <sayan> I've no clue what mrinalraj_ meant
[18:52] <sayan> anyways ending the class here
[18:53] <sayan> Read about the types of encryption I discussed today
[18:53] <sayan> and the key exchange algorithm
[18:53] <sayan> also you can read about RSA algorithm
[18:53] <gargantua_kerr[m> raydeeam: Yeah. both of us will have different private keys, right? so will the public key pair up with both of them in an alternate way when message is sent to two-way?
[18:54] <sayan> gargantua_kerr[m: how can a message be sent in two-way?
[18:55] <sayan> if I already have the message why would I need that message back from the other party
[18:55] <sayan> Roll Call
[18:55] <gandalfdwite> Pravar Agrawal
[18:55] <raydeeam> gargantua_kerr[m: i want to send sayan a file. only he can access the file that's why i'll use sayan's public key. and sayan'll decrypt it using his private key. here i'll not use any of my private or public key in order to send a file to sayan.
[18:55] <j605> Jagannathan Tiruvallur Eachambadi
[18:55] <iinternaut> sayan, what about hashing?
[18:55] <raydeeam> Rayan Das
[18:55] <katek_warren> kumar Prateek
[18:55] <iinternaut> vibhor
[18:55] <aniruddhab> Aniruddha Basak
[18:56] <gargantua_kerr[m> sayan: Let me rephrase it. I'm sending a message to you, the public key will pair up with your private key and ou private key will decrypt it. When you send a instruction to my mqachine, the public key will pair up with my private key to devrypt the message. Is that what is happening?
[18:56] <prit28> Pritam
[18:56] <gargantua_kerr[m> Nilesh Patra
[18:56] <ritik5049_> Ritik Raushan
[18:56] <iinternaut> do we need to study that too?^^
[18:56] <Matorix> Abhay Kaushik
[18:56] <swiftkiller> sparsh
[18:57] <sayan> iinternaut: nope, not need to study hashing
[18:57] <hellozee[m]> Kuntal Majumder
----END CLASS----